04 Sep / 2024
We’ve recently seen a rapid evolution in the sophistication of automated cybersecurity applications and functionality. Tools such as Next Generation Firewalls (NGFWs) and Artificial Intelligence-driven Intrusion Detection Systems (AI-IDS) have rapidly transformed from simple, rule-based defences into intelligent, adaptive guardians of digital environments. While these tools offer tremendous capabilities, IBM suggests that when combined with the power of tier 1 and 2 security analysts, automated solutions can only handle around 80% of threats. The kicker here is that the remaining 20% are often more sophisticated, more challenging to detect and more capable of causing significant damage.
As defensive technology and awareness have advanced, a hardened attack surface has forced these advanced adversaries to adopt and rely on techniques that allow them to move faster and evade detection.
This article looks at the current threats facing businesses across Oceania, the integral role threat hunting plays in protecting enterprises against cyber risks and how Cythera’s new always-on threat-hunting capabilities facilitate threat hunting at scale, protecting you against the other 20%.
Over the past two years, the Australian Cyber Security Centre (ACSC) has observed a marked increase in cyberattacks targeting businesses across various sectors in Australia. There has been a notable rise in identity-based and cloud-focused attacks, where adversaries leverage the systems intended to protect organisations, such as VPNs and cloud services, to gain unauthorised access.
Additionally, attacks on critical infrastructure have surged, with state actors primarily driving these efforts. By employing sophisticated techniques to exploit vulnerabilities in connected operational technology, these attacks have been successful in disrupting essential services across ANZ.
Australia also saw a significant rise in interactive intrusions in 2023. Interactive intrusions represent a particularly sophisticated class of cyberattacks, where adversaries establish an active, persistent presence within a target network. These attacks are distinct from automated attacks in that they involve real-time human operators: hackers who interact directly with systems, using ‘hands-on-keyboard’ tactics to adapt their strategies as they move through the network.
Key characteristics of interactive intrusions include:
Interactive intrusions pose a significant challenge to organisations because they require advanced threat-hunting and incident-response capabilities to detect and mitigate. Traditional security tools, COTS solutions, and automated systems often fail to identify these next-level attacks, necessitating a more proactive, human-centric approach to cybersecurity.
Adversaries are increasingly using “living off the land” tactics, leveraging stolen identities and legitimate tools already present within a network to minimise their footprint. This approach reduces the chances of triggering traditional security alerts, as the adversaries’ activities can closely mimic regular user or system administrator actions. This makes it exceptionally difficult for defenders to distinguish between malicious behaviour and everyday operations.
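One way a threat hunter separates living-off-the-land activity from ordinary administration is to score executions of legitimate tools against each account's own historical behaviour rather than against a static rule. The following is an added, constructed example (not Cythera's tooling, and not code from the original article): the event schema, the LOLBin and parent lists and the sample events are all assumptions.

```python
from collections import defaultdict

# Legitimate Windows binaries that adversaries repurpose ("living off the land").
LOLBINS = {"powershell.exe", "wmic.exe", "certutil.exe", "rundll32.exe",
           "mshta.exe", "bitsadmin.exe", "regsvr32.exe"}
# Office and mail clients rarely have a legitimate reason to spawn admin tooling.
ODD_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}

def build_baseline(history):
    """Map each account to the set of binaries it ran in the baseline window."""
    baseline = defaultdict(set)
    for e in history:
        baseline[e["user"]].add(e["process"])
    return baseline

def score_event(e, baseline):
    """Score a LOLBin execution by how far it deviates from the account's own
    history; non-LOLBin executions score 0. Returns (score, reasons)."""
    if e["process"] not in LOLBINS:
        return 0, []
    reasons = []
    if e["process"] not in baseline.get(e["user"], set()):
        reasons.append("tool never used by this account in baseline")
    if e["parent"] in ODD_PARENTS:
        reasons.append("spawned by " + e["parent"])
    if "http" in e["cmdline"].lower():
        reasons.append("command line references a URL")
    return len(reasons), reasons

def hunt(events, baseline, threshold=2):
    """Return (score, reasons, event) triples at or above threshold, highest first."""
    hits = []
    for e in events:
        score, reasons = score_event(e, baseline)
        if score >= threshold:
            hits.append((score, reasons, e))
    return sorted(hits, key=lambda h: -h[0])

def ev(user, process, parent, cmdline):
    """Constructed process-creation event; the field names are an assumption."""
    return {"user": user, "process": process, "parent": parent, "cmdline": cmdline}
# Baseline window: an admin routinely runs wmic and powershell; finance does not.
HISTORY = [ev("sysadmin", "wmic.exe", "cmd.exe", "wmic os get caption"),
           ev("sysadmin", "powershell.exe", "cmd.exe", "powershell Get-Service"),
           ev("finance01", "excel.exe", "explorer.exe", "excel budget.xlsx")]
# Hunt window: the admin looks normal; finance runs certutil from Outlook with a URL.
TODAY = [ev("sysadmin", "wmic.exe", "cmd.exe", "wmic process list"),
         ev("finance01", "certutil.exe", "outlook.exe", "certutil http://example.invalid/x.dat"),
         ev("finance01", "excel.exe", "explorer.exe", "excel q3.xlsx")]
```

The admin's wmic run scores 0 because it matches that account's baseline, while the same class of tool run by the finance account scores on all three deviations; the point is that the tool alone is not the signal, the context is.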
As adversaries adopt new tactics, Cythera remains at the forefront of cybersecurity innovation. Our team has been working diligently behind the scenes to develop and enhance capabilities that keep pace with these evolving threats and stay one step ahead. Cythera’s new always-on threat-hunting capabilities are designed to counteract even the most sophisticated attacks, effectively stopping adversaries before they can get close to compromising your network.
Experience the difference with Cythera’s Hu-MANaged Detection and Response service, a solution that adapts to your needs and goes beyond inflexible, one-size-fits-all MDR tools.
Schedule a demo today, and we’ll provide a free security tooling evaluation to assess your current workplace defences. As a thank you, we’re also offering an Apple Air Tag or Android Compatible ‘Tile’.